FIPS 140-2 Compliance ...all the cool kids are doing it. Well, the ones required to - at any rate.
Our ARS trinity is built on these … ARS services, SQL services, and IIS services.
What evidence can be exposed to support that only certified cryptographic modules are currently being used?
I've found no query, no magic PowerShell command or registry key that says THIS ARS SQL server only has supported encryption types enabled for use.
The GPO export shows the proper settings, the file and product versions for CNG.sys and bcryptprimitives.dll show currency,
and the associated registry key and SQL query show connection encryption is turned on. The supportedencryptiontypes attribute for servers and service accounts is set for AES only.
Having done that - the return question is - to demonstrate that only approved cryptographic modules are being used.
Is there a query or SQL Server statement that can be run to obtain a list of the in-use/available cryptos for the ARS database SQL Server to use as further proof when needed?
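The evidence items listed in the post can be gathered into one repeatable report. This is an added example, not part of the original post; `$SqlInstance` is a placeholder, and the script assumes Windows PowerShell 5.1 on the SQL host, the ActiveDirectory RSAT module, and VIEW SERVER STATE permission on the instance.

```powershell
# Added example: read-only collection of the evidence items the post lists.
# Assumptions: run on the SQL host; ActiveDirectory module; VIEW SERVER STATE.
param([string]$SqlInstance = 'localhost')   # placeholder instance name

# 1. FIPS policy flag written by the GPO setting
#    "System cryptography: Use FIPS compliant algorithms ..."
$fipsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$fipsFlag = (Get-ItemProperty -Path $fipsKey -Name Enabled).Enabled

# 2. File and product versions of the two modules named in the post
$modules = "$env:windir\System32\drivers\cng.sys",
           "$env:windir\System32\bcryptprimitives.dll" |
    ForEach-Object { (Get-Item $_).VersionInfo } |
    Select-Object FileName, FileVersion, ProductVersion

# 3. Encryption state of every current SQL Server connection
$query = 'SELECT session_id, encrypt_option, auth_scheme, net_transport
          FROM sys.dm_exec_connections'
$conn  = New-Object System.Data.SqlClient.SqlConnection("Server=$SqlInstance;Integrated Security=SSPI")
$table = New-Object System.Data.DataTable
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    $table.Load($cmd.ExecuteReader())
} finally { $conn.Dispose() }

# 4. Decode msDS-SupportedEncryptionTypes for this computer account.
#    Bits: 0x1 DES-CBC-CRC, 0x2 DES-CBC-MD5, 0x4 RC4-HMAC, 0x8 AES128, 0x10 AES256
$acct = Get-ADComputer -Identity $env:COMPUTERNAME `
            -Properties 'msDS-SupportedEncryptionTypes'
$enc  = [int]$acct.'msDS-SupportedEncryptionTypes'   # unset attribute becomes 0
$kerberos = [pscustomobject]@{
    Account  = $acct.SamAccountName
    RawValue = $enc
    # AES-only: at least one AES bit set and no DES/RC4 bit set
    AesOnly  = ($enc -band 0x18) -ne 0 -and ($enc -band 0x07) -eq 0
}

# One JSON document suitable for attaching to an audit record
[pscustomobject]@{
    CollectedOn       = $env:COMPUTERNAME
    FipsPolicyEnabled = ($fipsFlag -eq 1)
    CryptoModules     = $modules
    SqlConnections    = $table.Rows | Select-Object session_id, encrypt_option, auth_scheme, net_transport
    Kerberos          = $kerberos
} | ConvertTo-Json -Depth 4
```

The report shows policy and configuration state at collection time; it does not enumerate the algorithms a given connection negotiated. An `AesOnly` value of false with `RawValue` 0 means the attribute is unset on the account, not that a weak type was explicitly enabled.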